From 427b6725510bff92b73741a6f5d5be1ba721fc93 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 31 Mar 2015 18:32:50 +0200 Subject: [PATCH] Add XXX_PROCESS_ALT mecchanism --- ChangeLog | 3 +++ include/mbedtls/config.h | 39 +++++++++++++++++++++++++++++++++++---- library/md2.c | 2 ++ library/md4.c | 2 ++ library/md5.c | 2 ++ library/ripemd160.c | 2 ++ library/sha1.c | 2 ++ library/sha256.c | 2 ++ library/sha512.c | 2 ++ 9 files changed, 52 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index a71b4a738..a6dca89c6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,9 @@ mbed TLS ChangeLog (Sorted per branch, date) Features * Support for DTLS 1.0 and 1.2 (RFC 6347). + * Ability to override xxx_process() function from a md/sha module with + custom implementation (eg hardware accelerated), complementing the ability + to override the whole module. API Changes * ecdsa_write_signature() gained an addtional md_alg argument and diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 52cec1da8..a5740ac7a 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -231,20 +231,23 @@ //#define POLARSSL_TIMING_ALT /** - * \def POLARSSL_XXX_ALT + * \def POLARSSL__MODULE_NAME__ALT * * Uncomment a macro to let mbed TLS use your alternate core implementation of - * a symmetric or hash algorithm (e.g. platform specific assembly optimized + * a symmetric or hash module (e.g. platform specific assembly optimized * implementations). Keep in mind that the function prototypes should remain * the same. * + * This replaces the whole module. If you only want to replace one of the + * functions, use one of the POLARSSL__FUNCTION_NAME__ALT flags. + * * Example: In case you uncomment POLARSSL_AES_ALT, mbed TLS will no longer * provide the "struct aes_context" definition and omit the base function * declarations and implementations. "aes_alt.h" will be included from * "aes.h" to include the new function definitions. * - * Uncomment a macro to enable alternate implementation for core algorithm - * functions + * Uncomment a macro to enable alternate implementation of the corresponding + * module. */ //#define POLARSSL_AES_ALT //#define POLARSSL_ARC4_ALT @@ -260,6 +263,34 @@ //#define POLARSSL_SHA256_ALT //#define POLARSSL_SHA512_ALT +/** + * \def POLARSSL__FUNCTION_NAME__ALT + * + * Uncomment a macro to let mbed TLS use you alternate core implementation of + * symmetric of hash function. Keep in mind that function prototypes should + * remain the same. + * + * This replaces only one function. The header file from mbed TLS is still + * used, in contrast to the POLARSSL__MODULE_NAME__ALT flags. + * + * Example: In case you uncomment POLARSSL_SHA256_PROCESS_ALT, mbed TLS will + * no longer provide the sha1_process() function, but it will still provide + * the other function (using your sha1_process() function) and the definition + * of sha1_context, so your implementation of sha1_process must be compatible + * with this definition. + * + * + * Uncomment a macro to enable alternate implementation of the corresponding + * function. + */ +//#define POLARSSL_MD2_PROCESS_ALT +//#define POLARSSL_MD4_PROCESS_ALT +//#define POLARSSL_MD5_PROCESS_ALT +//#define POLARSSL_RIPEMD160_PROCESS_ALT +//#define POLARSSL_SHA1_PROCESS_ALT +//#define POLARSSL_SHA256_PROCESS_ALT +//#define POLARSSL_SHA512_PROCESS_ALT + /** * \def POLARSSL_AES_ROM_TABLES * diff --git a/library/md2.c b/library/md2.c index 95108433a..fb8acddf1 100644 --- a/library/md2.c +++ b/library/md2.c @@ -112,6 +112,7 @@ void md2_starts( md2_context *ctx ) ctx->left = 0; } +#if !defined(POLARSSL_MD2_PROCESS_ALT) void md2_process( md2_context *ctx ) { int i, j; @@ -145,6 +146,7 @@ void md2_process( md2_context *ctx ) t = ctx->cksum[i]; } } +#endif /* !POLARSSL_MD2_PROCESS_ALT */ /* * MD2 process buffer diff --git a/library/md4.c b/library/md4.c index 47f762d85..2de259d98 100644 --- a/library/md4.c +++ b/library/md4.c @@ -108,6 +108,7 @@ void md4_starts( md4_context *ctx ) ctx->state[3] = 0x10325476; } +#if !defined(POLARSSL_MD4_PROCESS_ALT) void md4_process( md4_context *ctx, const unsigned char data[64] ) { uint32_t X[16], A, B, C, D; @@ -210,6 +211,7 @@ void md4_process( md4_context *ctx, const unsigned char data[64] ) ctx->state[2] += C; ctx->state[3] += D; } +#endif /* !POLARSSL_MD4_PROCESS_ALT */ /* * MD4 process buffer diff --git a/library/md5.c b/library/md5.c index 62f619bc0..5eef65d3b 100644 --- a/library/md5.c +++ b/library/md5.c @@ -107,6 +107,7 @@ void md5_starts( md5_context *ctx ) ctx->state[3] = 0x10325476; } +#if !defined(POLARSSL_MD5_PROCESS_ALT) void md5_process( md5_context *ctx, const unsigned char data[64] ) { uint32_t X[16], A, B, C, D; @@ -229,6 +230,7 @@ void md5_process( md5_context *ctx, const unsigned char data[64] ) ctx->state[2] += C; ctx->state[3] += D; } +#endif /* !POLARSSL_MD5_PROCESS_ALT */ /* * MD5 process buffer diff --git a/library/ripemd160.c b/library/ripemd160.c index 97ab53078..5e55ff582 100644 --- a/library/ripemd160.c +++ b/library/ripemd160.c @@ -107,6 +107,7 @@ void ripemd160_starts( ripemd160_context *ctx ) ctx->state[4] = 0xC3D2E1F0; } +#if !defined(POLARSSL_RIPEMD160_PROCESS_ALT) /* * Process one block */ @@ -286,6 +287,7 @@ void ripemd160_process( ripemd160_context *ctx, const unsigned char data[64] ) ctx->state[4] = ctx->state[0] + B + Cp; ctx->state[0] = C; } +#endif /* !POLARSSL_RIPEMD160_PROCESS_ALT */ /* * RIPEMD-160 process buffer diff --git a/library/sha1.c b/library/sha1.c index 086fd7f44..bf25f6d0c 100644 --- a/library/sha1.c +++ b/library/sha1.c @@ -108,6 +108,7 @@ void sha1_starts( sha1_context *ctx ) ctx->state[4] = 0xC3D2E1F0; } +#if !defined(POLARSSL_SHA1_PROCESS_ALT) void sha1_process( sha1_context *ctx, const unsigned char data[64] ) { uint32_t temp, W[16], A, B, C, D, E; @@ -263,6 +264,7 @@ void sha1_process( sha1_context *ctx, const unsigned char data[64] ) ctx->state[3] += D; ctx->state[4] += E; } +#endif /* !POLARSSL_SHA1_PROCESS_ALT */ /* * SHA-1 process buffer diff --git a/library/sha256.c b/library/sha256.c index 7d4c32c12..f6f655661 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -129,6 +129,7 @@ void sha256_starts( sha256_context *ctx, int is224 ) ctx->is224 = is224; } +#if !defined(POLARSSL_SHA256_PROCESS_ALT) void sha256_process( sha256_context *ctx, const unsigned char data[64] ) { uint32_t temp1, temp2, W[64]; @@ -259,6 +260,7 @@ void sha256_process( sha256_context *ctx, const unsigned char data[64] ) ctx->state[6] += G; ctx->state[7] += H; } +#endif /* !POLARSSL_SHA256_PROCESS_ALT */ /* * SHA-256 process buffer diff --git a/library/sha512.c b/library/sha512.c index 86e28a9b9..aeb418724 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -190,6 +190,7 @@ void sha512_starts( sha512_context *ctx, int is384 ) ctx->is384 = is384; } +#if !defined(POLARSSL_SHA512_PROCESS_ALT) void sha512_process( sha512_context *ctx, const unsigned char data[128] ) { int i; @@ -258,6 +259,7 @@ void sha512_process( sha512_context *ctx, const unsigned char data[128] ) ctx->state[6] += G; ctx->state[7] += H; } +#endif /* !POLARSSL_SHA512_PROCESS_ALT */ /* * SHA-512 process buffer